CVE-2025-2045

{"id": "CVE-2025-2045", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-03-06T13:15:12.553", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/512050", "tags": ["Exploit", "Issue Tracking"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2921111", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data."}, {"lang": "es", "value": "La autorizaci\u00f3n incorrecta en GitLab EE que afecta a todas las versiones desde la 17.7 anterior a la 17.7.6, la 17.8 anterior a la 17.8.4 y la 17.9 anterior a la 17.9.1 permite a los usuarios con permisos limitados acceder a datos de an\u00e1lisis de proyectos potencialmente confidenciales."}], "lastModified": "2025-08-06T18:33:48.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "8E917B5A-660A-496F-A300-7870ABBDDA24", "versionEndExcluding": "17.7.6", "versionStartIncluding": "17.7.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "BBA524F8-D246-4E22-AD19-D5A7A73BAFDB", "versionEndExcluding": "17.8.4", "versionStartIncluding": "17.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.9.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "520D3C67-BAA9-49B0-8613-7DC0127499D3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}